Microsoft officials have announced two patches as part of its monthly releases for September -- one rated critical, one important.

The critical flaw that Microsoft announced today addresses a remote code execution vulnerability when users open a JPEG image on an infected machine. When the PC processes the image, the malware causes a buffer overrun that overwrites program code and replaces it with its own, potentially giving the intruder administrative control of the computer.

Security officials note the only way for the vulnerability to execute is for users to open the image file. This naturally extends to users who visit a site with the doctored image; clicking on the link to such a site automatically downloads and processes the image.

A complete list of affected software and update downloads is available here
.

The patches come days after internetnews.com reported that Microsoft gives premium customers advance notice about its security bulletins before it publicly releases the information.

The second patch addresses a remote code executable vulnerability, which targets Microsoft
Office, FrontPage, Publisher and Works Suite users who convert WordPerfect
5.0 code. Users with administrative privileges who visit a
Web site with the malware can inadvertently hand complete control over to an intruder, but only if the user performs several actions; visiting the site itself won't compromise a user's machine. The only way for the vulnerability to be exploited via e-mail is if the user opened the attachment accompanying the e-mail.

The exploit does not work on WordPerfect 6.x documents or Office 2003 users who've downloaded and installed Service Pack 1. A complete list of affected programs and the fix can be found here.

As previously reported, the two patches released Tuesday do not address the highly critical "drag-and-drop" flaw that was found in Internet Explorer (IE) last month.

Microsoft will host a free Web cast Wednesday to discuss the technical details of the September security bulletins. More information is available here.